Jump to content

You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

Need to find something? Use the Google search below.
PLEASE READ - Webmaster Support Forum
This forum will be retired in the near future. Please direct all queries to our dedicated GitHub support page https://github.com/vatsimnetwork/developer-info/discussions 
Here you can find documentation on our services and we are continuing to migrate pertinent information into the Wiki pages https://github.com/vatsimnetwork/developer-info/wiki

Does SSO solve security problems?


Merik Nanish 1184142
 Share

Recommended Posts

Merik Nanish 1184142
Posted
Posted

The combination of a central authentication system (in our case called SSO) which uses HTTPS and letting/forcing users change their p[Mod - Happy Thoughts]words frequently and into more secure ones (than the usual 6-digit p[Mod - Happy Thoughts]words), sounds like a step forward in securing VATSIM. However, when you realize that even VATSIM's own forums are not using SSO for logging in, and that you will eventually transmit your CID and p[Mod - Happy Thoughts]word in an unencrypted way every time you log into the network as a controller/pilot, one wonders if SSO and new p[Mod - Happy Thoughts]word policies are really going to help much.

 

Are there any plans to make to modify FSD server and force it to use encryption at least at the time of logging into the network?

 

Also, are there any plans to make this very forum use SSO for signing on? Note that currently, logging into the VATSIM forum happens on a non-secure HTTP form.

NYARTCC Facility Engineer and Instructor

 

255qao8.png

Link to comment
Share on other sites

Norman Blackburn
Posted
Posted

This forum uses the actual database so SSO isn't required.

Norman

sig_FSLBetaTester.jpg

Link to comment
Share on other sites

Colin Schoen
Posted
Posted (edited)
This forum uses the actual database so SSO isn't required.

 

Merik, excuse me if I didn't understand correctly. I think his concern is about the lack of SSL when logging into the forum and the fact that your login data is transmitted via plaintext when connecting to the FSD servers with any pilot or controller client.

Edited by Guest

Colin Schoen

VATSIM Senior Network Supervisor

Link to comment
Share on other sites

Merik Nanish 1184142
Posted
Posted

Colin got it right.

NYARTCC Facility Engineer and Instructor

 

255qao8.png

Link to comment
Share on other sites

Norman Blackburn
Posted
Posted

I appreciate the lack of SSL (and did not comment on the FSD side of things) however my comment was only in regard to the forum not needing to use SSO.

Norman

sig_FSLBetaTester.jpg

Link to comment
Share on other sites

Kieran Hardern
Posted
Posted
However, when you realize that even VATSIM's own forums are not using SSO for logging in
Also, are there any plans to make this very forum use SSO for signing on? Note that currently, logging into the VATSIM forum happens on a non-secure HTTP form.

 

The SSO is pretty new, you'll see that things are slowly being moved over to it, however we can't do this all instantly. VATSIM is large and lots of things take coordination with people all around the world. In the case of the forum, it is more complicated considering 3rd party plugins like tapatalk use pretty crude methods of integrating. Because of that, you'll find that it's lower on the priority list than the sites where we can integrate without large disruption.

 

So therefore what your saying isn't wrong, however I'd summarise both our posts as saying "we're not quite there yet".

Link to comment
Share on other sites

 Share